WRSA.exe
Webroot SecureAnywhere by Webroot Inc. (Signed)
Warning: 10 antivirus scanners have detected malware in various versions of WRSA.exe.
Overview
There are 14 versions of wrsa.exe in the wild, the latest version being 8.0.4.84. It is started as a Windows Service with the name 'WRSVC' and described as “Webroot SecureAnywhere Antivirus v8.0.2.118”. In addition, it runs under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). During installation, a run registry key for all users is added that causes the program to run each time any user logs on to Windows. The average file size is about 727.46 KB. The file is digitally signed; the certificate was issued to Webroot Inc. by VeriSign. Some variations of the file have been seen to be installed with the program Webroot SecureAnywhere from Webroot. During the process's lifecycle, typical CPU utilization is about 0.0007%, including both foreground and background operations, and the average private memory consumption is about 42.74 MB. Additionally, typical disk I/O is about 3.17 MB per minute for reads and 216.22 KB per minute for writes.
About wrsa.exe (from Webroot Inc.)
“You need the best protection against viruses, spyware and malware. That's why we've improved the protection found in Spy Sweeper and created Webroot® SecureAnywhere™ AntiVirus, giving you online prote”
Details |
File name: | wrsa.exe |
Publisher: | Webroot |
Product name: | Webroot SecureAnywhere |
Typical file path: | C:\Program Files\webroot\wrsa.exe |
Certificate |
Issued to: | Webroot Inc. |
Authority (CA): | VeriSign |
Expiration date: | Thursday, January 9, 2014 |
Windows Service |
Service name: | WRSVC |
Description: | “Webroot SecureAnywhere Antivirus v8.0.2.118” |
Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Webroot SecureAnywhere.)
“Webroot SecureAnywhere uses a radically new cloud-based approach to online security that protects you against the latest threats as soon as they emerge. And it does so at blazing fast speeds, typicall...”
Behaviors
(Note, the behaviors below are for all versions of wrsa.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'WRSVC' → "C:\Program Files\Webroot\WRSA.exe" -ul
Malware detections
Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
AegisLab | 1.5 | W32.W.Mabezat | 8.0.2.118 |
Norman | 6.08.06 | W32/Sality.AKHL | 8.0.1.233 |
Rising Antivirus | 24.44.06.03 | Suspicious | 8.0.1.233 |
Rising Antivirus | 24.65.03.05 | Suspicious | 8.0.2.96 |
Rising Antivirus | 25.0.0.11 | PE:Stealer.Zbot!1.6524 | 8.0.2.118 |
Rising Antivirus | 24.64.02.04 | Suspicious | 8.0.2.127 |
Rising Antivirus | 24.75.03.01 | Suspicious | 8.0.2.155 |
Rising Antivirus | 24.72.06.04 | Suspicious | 8.0.2.155 |
Rising Antivirus | 24.75.03.04 | Suspicious | 8.0.2.155 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.RCBH1LM | 8.0.1.233 |
All file variations of wrsa.exe
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 28.57% |
Windows Seven Black Edition | 19.05% |
Windows 8 | 19.05% |
Windows 8.1 | 9.52% |
Windows Vista Ultimate | 4.76% |
Windows 8 Pro with Media Center | 4.76% |
Windows Vista Home Premium | 4.76% |
Windows 7 Ultimate N | 4.76% |
Windows 7 Ultimate | 4.76% |
Distribution by country
About 95.24% of Webroot SecureAnywhere installs are in the United States.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Hewlett-Packard | 52.94% |
Acer | 11.76% |
Dell | 11.76% |
Lenovo | 11.76% |
ASUS | 11.76% |